Fixed linker issues
Finished dynamic function resolving
+17
-22
@@ -8,7 +8,7 @@
|
||||
#include "Domito.Internal.h"
|
||||
|
||||
|
||||
static QUERY_INFO_PROCESS ZwQueryInformationProcess;
|
||||
DOMITO_COMMON G_Common = {};
|
||||
|
||||
static STRING G_FN_CiFreePolicyInfo = RTL_CONSTANT_STRING("CiFreePolicyInfo");
|
||||
static STRING G_FN_CiCheckSignedFile = RTL_CONSTANT_STRING("CiCheckSignedFile");
|
||||
@@ -17,6 +17,9 @@ static STRING G_FN_CiGetCertPublisherName = RTL_CONSTANT_STRING("CiGetCertPublis
|
||||
static STRING G_FN_CiSetTrustedOriginClaimId = RTL_CONSTANT_STRING("CiSetTrustedOriginClaimId");
|
||||
static STRING G_FN_CiValidateFileObject = RTL_CONSTANT_STRING("CiValidateFileObject");
|
||||
|
||||
DECLARE_GLOBAL_CONST_UNICODE_STRING(G_QipRoutineName, L"ZwQueryInformationProcess");
|
||||
DECLARE_GLOBAL_CONST_UNICODE_STRING(G_IdetdRoutineName, L"RtlImageDirectoryEntryToData");
|
||||
|
||||
|
||||
_Success_(return == STATUS_SUCCESS)
|
||||
_Must_inspect_result_
|
||||
@@ -60,6 +63,11 @@ DomitoInit()
|
||||
}
|
||||
}
|
||||
|
||||
G_Common.ZwQueryInformationProcess =
|
||||
(t_ZwQueryInformationProcess)MmGetSystemRoutineAddress((PUNICODE_STRING)&G_QipRoutineName);
|
||||
G_Common.RtlImageDirectoryEntryToData =
|
||||
(t_RtlImageDirectoryEntryToData)MmGetSystemRoutineAddress((PUNICODE_STRING)&G_IdetdRoutineName);
|
||||
|
||||
return STATUS_SUCCESS; // TODO: unused currently
|
||||
}
|
||||
|
||||
@@ -160,19 +168,14 @@ DomitoFindExportedFunctionAddress(
|
||||
{
|
||||
NTSTATUS status = STATUS_NOT_FOUND;
|
||||
ULONG exportSize;
|
||||
|
||||
DECLARE_CONST_UNICODE_STRING(routineName, L"RtlImageDirectoryEntryToData");
|
||||
|
||||
const t_RtlImageDirectoryEntryToData fp_RtlImageDirectoryEntryToData =
|
||||
(t_RtlImageDirectoryEntryToData)MmGetSystemRoutineAddress((PUNICODE_STRING)&routineName);
|
||||
|
||||
if (fp_RtlImageDirectoryEntryToData == NULL)
|
||||
|
||||
if (G_Common.RtlImageDirectoryEntryToData == NULL)
|
||||
{
|
||||
return STATUS_NOT_IMPLEMENTED;
|
||||
}
|
||||
|
||||
// Retrieve the export directory information
|
||||
const PIMAGE_EXPORT_DIRECTORY exportDirectory = (PIMAGE_EXPORT_DIRECTORY)fp_RtlImageDirectoryEntryToData(
|
||||
const PIMAGE_EXPORT_DIRECTORY exportDirectory = (PIMAGE_EXPORT_DIRECTORY)G_Common.RtlImageDirectoryEntryToData(
|
||||
ModuleBase,
|
||||
TRUE,
|
||||
IMAGE_DIRECTORY_ENTRY_EXPORT,
|
||||
@@ -347,22 +350,14 @@ DomitoGetProcessImageName(
|
||||
return status;
|
||||
}
|
||||
|
||||
if (ZwQueryInformationProcess == NULL)
|
||||
if (G_Common.ZwQueryInformationProcess == NULL)
|
||||
{
|
||||
UNICODE_STRING routineName = RTL_CONSTANT_STRING(L"ZwQueryInformationProcess");
|
||||
|
||||
ZwQueryInformationProcess =
|
||||
(QUERY_INFO_PROCESS)MmGetSystemRoutineAddress(&routineName);
|
||||
|
||||
if (ZwQueryInformationProcess == NULL)
|
||||
{
|
||||
status = STATUS_NOT_IMPLEMENTED;
|
||||
goto cleanUp;
|
||||
}
|
||||
status = STATUS_NOT_IMPLEMENTED;
|
||||
goto cleanUp;
|
||||
}
|
||||
|
||||
/* Query the actual size of the process path */
|
||||
status = ZwQueryInformationProcess(
|
||||
status = G_Common.ZwQueryInformationProcess(
|
||||
hProcess,
|
||||
ProcessImageFileName,
|
||||
NULL, // buffer
|
||||
@@ -384,7 +379,7 @@ DomitoGetProcessImageName(
|
||||
}
|
||||
|
||||
/* Retrieve the process path from the handle to the process */
|
||||
if (!NT_SUCCESS(status = ZwQueryInformationProcess(
|
||||
if (!NT_SUCCESS(status = G_Common.ZwQueryInformationProcess(
|
||||
hProcess,
|
||||
ProcessImageFileName,
|
||||
*ProcessImageName,
|
||||
|
||||
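Review bot: In DomitoInit the two `MmGetSystemRoutineAddress` results are stored in `G_Common` without a NULL check and the function still returns `STATUS_SUCCESS`, so a failed lookup only surfaces later as `STATUS_NOT_IMPLEMENTED` from DomitoFindExportedFunctionAddress or DomitoGetProcessImageName. As far as the rendered page shows, DomitoGetProcessImageName also loses its lazy resolve, so a caller that reaches it before DomitoInit has run to this point now fails where it previously worked. The earlier part of DomitoInit is outside the hunk and may return early. Consider failing initialisation before the final return with `if (G_Common.ZwQueryInformationProcess == NULL || G_Common.RtlImageDirectoryEntryToData == NULL) return STATUS_NOT_IMPLEMENTED;`. Both consumers could also carry a comment such as `// Requires a successful DomitoInit(); G_Common.* is not resolved lazily`.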